9.8
CVE-2024-22425
- EPSS 0.48%
- Published 16.02.2024 12:15:07
- Last modified 23.01.2025 16:51:37
- Source security_alert@emc.com
- Teams watchlist Login
- Open Login
Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner.
Data is provided by the National Vulnerability Database (NVD)
Dell ≫ Recoverpoint For Virtual Machines Version5.3 Updatesp2
Dell ≫ Recoverpoint For Virtual Machines Version5.3 Updatesp2_p1
Dell ≫ Recoverpoint For Virtual Machines Version5.3 Updatesp2_p2
Dell ≫ Recoverpoint For Virtual Machines Version5.3 Updatesp2_p4
Dell ≫ Recoverpoint For Virtual Machines Version5.3 Updatesp3_p1
Dell ≫ Recoverpoint For Virtual Machines Version5.3 Updatesp3_p2
Dell ≫ Recoverpoint For Virtual Machines Version6.0 Updatesp1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.48% | 0.64 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security_alert@emc.com | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-307 Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.